Attorney Docket No. 15437-0696 
AMENDMENTS TO THE CLAIMS 

1-3 Canceled 

4. (Currently Amended) The method according to Claim 1, further
comprising: A method of configuring an open interoperable security assertion markup
language (SAML) session comprising:

receiving a first entity identifier of a first entity by a second entity; 

receiving a first account mapping between said first entity and said second entity 
by said second entity; 

storing said first entity identifier and said first account mapping as a first record 
in a first partner list accessible to said second entity; 

receiving a second entity identifier of said second entity by said first entity; 

receiving a second account mapping between said second entity and said first 
entity by said first entity; 

storing said second entity identifier and said second account mapping as a second 
record in a second partner list accessible to said first entity; 

receiving one or more mappings between said first entity and said second entity 
by said second entity, wherein the mappings are selected from the group consisting of an 
attribute mapping, a site attribute list, an account mapping, and an action mapping; 

storing said one or more mappings between said first entity and said second 
entity as a part of said first record in said first partner list accessible to said second 
entity; 

receiving one or more mappings between said second entity and said first entity 
by said first entity, wherein the mappings are selected from the group consisting of an
attribute mapping, a site attribute list, an account mapping, and an action mapping; and

storing said one or more mappings between said second entity and said first 
entity as part of said second record in said second partner list accessible to said first 
entity. 

5. (Original) The method according to Claim 4, wherein said attribute 
mapping, said site attribute list, said account mapping, and said action mapping are 
implemented as a java class. 

6. (Original) The method according to Claim 4, wherein said attribute 
mapping defines a mapping of an attribute between said second entity and said first 
entity. 

7. (Currently Amended) The method according to Claim 4, wherein said site 
attribute list defines a list of attribute one or more attributes to be exchanged between
said second entity and said first entity. 

8. (Original) The method according to Claim 4, wherein said action mapping 
defines a mapping of an authorization of said second entity to an authorization of said 
first entity. 

9. (Currently Amended) The method according to Claim 1, further
comprising: A method of configuring an open interoperable security assertion markup
language (SAML) session comprising:

receiving a first entity identifier of a first entity by a second entity;

receiving a first account mapping between said first entity and said second entity 
by said second entity; 

storing said first entity identifier and said first account mapping as a first record 
in a first partner list accessible to said second entity; 

receiving a second entity identifier of said second entity by said first entity; 

receiving a second account mapping between said second entity and said first 
entity by said first entity; 

storing said second entity identifier and said second account mapping as a second 
record in a second partner list accessible to said first entity; 

receiving a first client certificate of said first entity by said second entity; 

receiving a first network address of said first entity by said second entity; 

storing said first client certificate and said first network address as another part of 
said first record in said first partner list accessable accessible to said second entity;

receiving a second client certificate of said second entity by said first entity; 

receiving a second network address of said second entity by said first entity; and 

storing said second client certificate and said second network address as another 
part of said second record in said second partner list accessable accessible to said first
entity. 

10. (Currently Amended) A method of providing an open interoperable
security assertions assertion markup language (SAML) session comprising:

receiving, by a first entity, a SAML request from a second entity, comprising an
entity identifier, by a first entity;

searching a partner list of said first entity for a record containing a matching entity
identifier, wherein said record contains an account mapping and an attribute mapping,
wherein said account mapping defines a mapping of an account of said second entity to
an account of said first entity, and wherein said attribute mapping defines a mapping of
an attribute of said second entity to an attribute of said first entity; and

processing said SAML request in accordance with said account mapping and said
attribute mapping; and

sending a SAML assertion in response to said SAML request.

11-13. Canceled 

14. (Currently Amended) The method according to Claim ±3 10, wherein 
said attribute mapping defines a mapping of an attribute namespace of said second entity 
is to an attribute namespace of said first entity. 

15. (Currently Amended) The method according to Claim 10, further
comprising:

searching a partner list of said first entity for a record containing a matching
entity identifier, wherein said record contains an action mapping; and

processing said SAML assertion in accordance with said action mapping
wherein said record further contains an action mapping, and wherein said SAML
request is processed in accordance with said account mapping, said attribute mapping,
and said action mapping.

16. (Original) The method according to Claim 15, wherein said action
mapping defines a mapping of an authorization decision of said second entity to an 
authorization decision of said first entity. 

17. Canceled 

18. (Currently Amended) The method according to Claim ±2 10, further
comprising:

searching a partner list of said first entity for a record containing a matching
entity identifier, wherein said record contains a site attribute list; and;

generating said SAML assertion in accordance with said site attribute list
wherein said record further contains a site attribute list, and wherein said method
further comprises:

generating said SAML assertion in accordance with said site attribute list.

19. (Currently Amended) The method according to Claim 18, wherein said 
site attribute list defines an attribute that is to be returned by said second first entity to
said first second entity. 

20-21 Canceled 

22. (Currently Amended) The system according to Claim 20, wherein: A
system for configuring an open and interoperable security assertion markup language
(SAML) session comprising:

a first entity comprising:

a first administration module for receiving a first entity identifier of a
second entity and a first account mapping between said second
entity and said first entity; and

a first partner list, accessible by said first administration module, for
storing said first entity identifier and said first account mapping;
and

said second entity comprising:

a second administration module for receiving a second identifier of said
first entity and a second account mapping between said first
entity and said second entity; and

a second partner list, accessible by said second administration module, for
storing said second entity identifier and said second account
mapping; wherein

said first administration module receives a first attribute mapping between said 
second entity and said first entity; 

said first partner list stores said first attribute mapping; 

said second administration module receives a second attribute mapping between 
said first entity and said second entity; and 

said second partner list stores said second attribute mapping. 

23. (Currently Amended) The system according to Claim 22, wherein said 
attribute mapping defines a mapping of an attribute of said second entity ite to said first 
entity.

24. (Currently Amended) The system according to Claim 20, wherein: A
system for configuring an open and interoperable security assertion markup language
(SAML) session comprising:

a first entity comprising:

a first administration module for receiving a first entity identifier of a
second entity and a first account mapping between said second
entity and said first entity; and

a first partner list, accessible by said first administration module, for
storing said first entity identifier and said first account mapping;
and

said second entity comprising:

a second administration module for receiving a second identifier of said
first entity and a second account mapping between said first
entity and said second entity; and

a second partner list, accessible by said second administration module, for
storing said second entity identifier and said second account
mapping; wherein

said first administration module receives a first site attribute list between said 
second entity and said first entity; 

said first partner list stores said first site attribute list; 

said second administration module receives a second site attribute list 
between said first entity and said second entity; and 

said second partner list stores said second site attribute list.

25. (Original) The system according to Claim 24, wherein said site attribute
list defines an attribute that is to be returned by said second entity to said first entity. 

26. (Currently Amended) The system according to Claim 20, wherein: A
system for configuring an open and interoperable security assertion markup language
(SAML) session comprising:

a first entity comprising:

a first administration module for receiving a first entity identifier of a
second entity and a first account mapping between said second
entity and said first entity; and

a first partner list, accessible by said first administration module, for
storing said first entity identifier and said first account mapping;
and

said second entity comprising:

a second administration module for receiving a second identifier of said
first entity and a second account mapping between said first
entity and said second entity; and

a second partner list, accessible by said second administration module, for
storing said second entity identifier and said second account
mapping; wherein

said first administration module receives a first action mapping between said 
second entity and said first entity; 

said first partner list stores said first action mapping;

said second administration module receives a second action mapping between
said first entity and said second entity; and 

said second partner list stores said second action mapping. 

27. (Original) The system according to Claim 26, wherein said action 
mapping defines a mapping of an authorization decision of said second entity to an 
authorization decision of said first entity. 

28. (Currently Amended) A system for providing an open and interoperable
security assertions assertion markup language (SAML) session comprising:

a first entity comprising:

a first session module for generating and sending a SAML request, said
SAML request comprising an entity identifier; and

a first partner list, accessible by said first session module, comprising a
first plurality of records each comprising an entity identifier and a
corresponding account mapping; and

a second entity, communicatively coupled to said first entity, comprising;

a second session module for receiving and processing said SAML
request in accordance with an account mapping between said
second entity and said first entity; and

a second partner list, accessible by said second session module,
comprising a second plurality of records each comprising an
entity identifier and a corresponding account mapping record that
contains a matching entity identifier, said record further
containing an account mapping and an attribute mapping,
wherein said account mapping defines a mapping of an account
of said second entity to an account of said first entity, and
wherein said attribute mapping defines a mapping of an attribute
of said second entity to an attribute of said first entity;

wherein said second session module searches for said record, processes said
SAML request in accordance with said account mapping and said attribute mapping, and
sends a SAML assertion in response to said SAML request.

29-30. Canceled 

31. (Currently Amended) The system according to Claim 28, wherein said
record further contains second partner list further comprises an action mapping between
said first entity and said second entity, and wherein said SAML request is further 
processed according to said action mapping. 

32. (Currently Amended) The system according to Claim 28, wherein said 
record further contains first partner list further comprises a site attribute list between said
first entity and said second entity, and wherein said second session module generates a 
said SAML assertion in accordance with said site attribute list. 



33-41 Canceled 

42. (New) A computer readable medium comprising one or more instructions
which, when executed by one or more processors, cause the one or more processors to
implement a method comprising: 

receiving, by a first entity, a security assertion markup language (SAML) request 
from a second entity, wherein the SAML request comprises an entity identifier; 

searching a partner list for a record containing a matching entity identifier, 
wherein said record contains an account mapping and an attribute mapping, wherein said 
account mapping defines a mapping of an account of said second entity to an account of 
said first entity, and wherein said attribute mapping defines a mapping of an attribute of 
said second entity to an attribute of said first entity; 

processing said SAML request in accordance with said account mapping and said 
attribute mapping; and 

sending a SAML assertion in response to said SAML request. 

43. (New) The computer readable medium of claim 42, wherein said record 
further contains an action mapping, and wherein said SAML request is processed in 
accordance with said account mapping, said attribute mapping, and said action mapping. 

44. (New) The computer readable medium according to Claim 43, wherein 
said action mapping defines a mapping of an authorization decision of said second entity 
to an authorization decision of said first entity. 

45. (New) The computer readable medium according to Claim 42, wherein 
said record further contains a site attribute list, and wherein said method implemented by 
said one or more processors further comprises:

generating said SAML assertion in accordance with said site attribute list.

46. (New) The computer readable medium according to Claim 45, wherein 
said site attribute list defines an attribute that is to be returned by said first entity to said 
second entity.